CVE-2026-40462
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk16th percentile - higher than 16% of all known CVEs
Summary
Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command, allowing an authenticated attacker to view sensitive information.
Risk Assessment
The organization risks exposure of confidential data, such as configurations or keys, by an authenticated user with access to the management interface.
Recommendation
Immediately update the F5 BIG-IP system to a patched version and restrict access to iControl REST and tmsh to trusted accounts only.
Original NVD description (English source)
Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

